Excel报告未授权错误链接

Question

I am making excel report of my SQL server table records. In Asp page grid view I am fetching required data then this data is downloaded in excel. one column has hyperlink value & I need this hyperlink should only work in Asp page Grid view but after download, it should redirect to a new page where Unauthorized access error will be shown. I am not getting how to show unauthorized error link in excel file hyperlink click.
Here is my code

protected void LnkBtnViewImage_Click(object sender, EventArgs e)
    {

        SqlConnection con = new SqlConnection(cs);

        LinkButton lnkbtimage = sender as LinkButton;
        GridViewRow gvrowreport = lnkbtimage.NamingContainer as GridViewRow;
        //int Exhid = Convert.ToInt32(gvrowreport.Cells[1].Text);
        string Exhid = ((HiddenField)gvrowreport.Cells[0].FindControl("HiddenField1")).Value;
        SqlCommand cmd = new SqlCommand("select ImageName,ImageData from CompanyImage where Edition_Id='" + Session["Edition_ID"].ToString() + "' and Exhibitor_ID=@Exhibitor_ID ", con);
        cmd.Parameters.AddWithValue("@Exhibitor_ID", Exhid);
        //Select Statement con
        if (con.State == ConnectionState.Closed)
        {
            con.Open();
        }

        SqlDataReader dr = cmd.ExecuteReader();


        if (dr!=null)
        {
            dr.Read();
            LinkButton lnkbtn = sender as LinkButton;
            GridViewRow gvrow = lnkbtn.NamingContainer as GridViewRow;
            //string filePath = GridViewLogo.DataKeys[gvrow.RowIndex].Value.ToString();
            //if (!Convert.IsDBNull(dr["ImageData"]))
            //{
                Response.ContentType = "application/vnd.ms-jpg";
                //to open file prompt Box open or Save file
                Response.AddHeader("content-disposition", "attachment;filename=" + dr["ImageName"].ToString());
                Response.Charset = "";
                Response.Cache.SetCacheability(HttpCacheability.NoCache);
                Response.BinaryWrite((byte[])dr["ImageData"]);
                Response.End();
            //}
            //else
            //{
            //    //lblhid.Text = "Image is not uploaded here !!";
            //    //lblhid.ForeColor = Color.Green;
            //    //lblhid.Visible = true;
            //    //// lblhexcelerror.Visible = false;
            //    //gvrow.Visible = false;
            //}

        }

        else
        {
            //LinkButton lnkbtn = sender as LinkButton;
            //GridViewRow gvrow = lnkbtn.NamingContainer as GridViewRow;
            //gvrow.Visible = false;
        }

        con.Close(); 

Answer 1

With a few specific exceptions (eg forms with CSRF tokens) it's usually the case that when you click on a link the server doesn't care how you got there, it receives the request and serves the requested page or resource. It doesn't really know whether the link was contained within an Excel file, or another HTML document, an email etc. That's one of the clever things about hyperlinks, in fact.

Even if what you were suggesting was feasible, there would be nothing to stop a user from copying and pasting it into their browser and accessing it from there.

If you don't want this link to work from your Excel document, and/or you don't want users to be given the link, the simplest thing would be not to include it in the document in the first place.

Also if it's the case that this link is being given to users who shouldn't have access to whatever is shown the link, then simply not giving them the link ("security by obscurity") is not really adequate protection. If that's the situation then you need to think about how access to that link is authorised, no matter where the user acquired the knowledge of it.

Answer 2

use trim in code of reports. In trim you have to remove "mailto:" while exporting it to the excel